Digital transformation, combined with a rapid explosion of technologies, has paved the way to greater vulnerabilities and newer forms of threats to enterprises. Against this backdrop, industry experts now see an opportunity to adopt new technologies and methods for responding to the threats. This is possible by making efforts to stay one step ahead of cyber criminals by building capabilities to defend digital infrastructure.

This was the discussion theme of the session "Critical Success Factor of Successful Transition to Digital Age - Security & Privacy Imperatives for Enterprises" at the DSCI's 10th Annual Information Security Summit being held this week in New Delhi.

Information security experts say it's time for their peers across enterprises to take stock of digital assets and help the nation in its smooth transition to the digital era, before cyber criminals take control of our lives.

"It would not be an exaggeration to say that cyber criminals or fraudsters are better equipped to invade our nation's critical infrastructure and our digital business," says Raman Roy, chairman and managing director, Quattro. "It's time enterprises take control of the situation and not look at security as enterprise security, but equip themselves in defending the business in this digital era."

Other experts support the view, saying it is not enough to deploy technology and hope to block cyber criminals from entering your periphery. It's a must to work toward building seamless access control to detect anomalies faster.

The Digital Challenge

Leaders stress the need to see threats as an opportunity to build skill capacity and learn new nuances for dealing with growing vulnerabilities. While a breach, or an attack is unavoidable in this digital world, the challenge lies in taking appropriate steps to reduce the impact of such breaches by proactively responding to threats with efficient detection techniques.

Says Kartik Shahani, RSA's regional director-India & SAARC, "The new mandate for CISOs is to develop the ability to quickly detect anomalistic behaviour in the networks to be able to respond quickly to breaches and combat threats, given that threat vectors are growing at an alarming pace."

Rajendra Pawar, chairman of NASSCOM-DSCI's Cybersecurity Task Force, cites the instance of Prime Minister Narendra Modi stating cybersecurity is a serious problem, causing sleepless nights to heads of state and enterprises. "Security practitioners should take growing threats and vulnerabilities as an opportunity to build skills, impart board room training and help grow the cybersecurity industry as a whole."

How to Secure Digital Infrastructure

Experts agree the current state of security in the country is only superficial and addresses a miniscule of the cybersecurity challenges.

"The challenges we are witnessing are just the tip of the iceberg, and there are huge ones hidden which are overlooked," Roy says. "A strong security governance structure is required to tackle the challenges and defend the digital world."

Given that there are going to be 50 billion products by 2020 which will be connected via the internet, Roy says, it is going to be easy prey for cybercriminals to penetrate into these devices.

"One of the research reports says about 65 per cent of users across enterprises are unable to stop threats with the existing preventive measures," says Roy. "It is important to use existing resources and expertise from the industry and develop the ability to make changes to secure the digital business."

Shahani says protecting the digital identities is an uphill task, given the challenges associated with password protection.

"One way to secure your digital identities is to have more visibility into the networks to identify anomalies or anomalistic behaviour that can help respond faster to the data exfiltration methods," points out Shahani.

"It is also critical, given that the perimeter security is dissolved and CISOs need to find new ways to develop identity and authentication methods as enterprises go through the digital transformation," he says.

Pawar stresses the need for collaboration if cybersecurity and privacy imperatives are to be weighed. Explaining how to translate threats into building opportunities, he reiterates, "Cybersecurity, which constitutes about 1 percent of the total IT industry currently, will grab a 10 percent share by 2025," says Cyber Task Force's Pawar. "Also, cybersecurity is estimated to be a $35 billion industry by 2025, creating 1 million jobs over time. This calls for various stakeholders to join in creating these jobs."

According to Pawar, NASSCOM and DSCI are taking up some initiatives to address the challenge. Some of them include:

Address the demand and supply of the cybersecurity industry in building new products and solutions: creating 1000 new start-ups to focus on security;

Take stock of actionable tasks under security and put extraordinary energy into completing the tasks;

Build technical capacity and impart board room training in security;

Partner with academia to conduct research in security, funded by the government and private industries;

Form cybersecurity clusters across regions to act as industry bodies to lead security initiatives;

Build brand of India for cybersecurity and awareness campaigns;

Encourage organizations to develop disclosure norms for sharing information on best cybersecurity practices.

"I would strongly recommend that private enterprises join the academia in driving innovation in the cybersecurity space along with start-ups and create better infrastructure in securing the digital space," asserts Pawar.

About the Author

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;